hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

QL code and tests for C#/C++/JavaScript.

Browse Source
This commit is contained in:
Pavel Avgustinov
2018-08-02 17:53:23 +01:00
commit b55526aa58
10684 changed files with 581163 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
javascript/ql/src/Security/CWE-313/PasswordInConfigurationFile.qhelp Normal file
View File

@@ -0,0 +1,21 @@
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>
Storing a plaintext password in a configuration file allows anyone who can read the file to
access the password-protected resources. Therefore it is a common attack vector.
</p>
</overview>
<recommendation>
<p>
Passwords stored in configuration files should always be encrypted.
</p>
</recommendation>
<references>
</references>
</qhelp>